This archive is retained to ensure existing URLs remain functional. It will not contain any emails sent to this mailing list after July 1, 2024. For all messages, including those sent before and after this date, please visit the new location of the archive at https://mailman.ripe.net/archives/list/address-policy-wg@ripe.net/
[address-policy-wg] IP Addressing policy on personal contact info (kf)
- Previous message (by thread): [address-policy-wg] IP Addressing policy on personal contact info (kf)
- Next message (by thread): [address-policy-wg] Web archive of PI Task Force now available
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Andrei Robachevsky
andrei at ripe.net
Wed Aug 20 14:14:39 CEST 2003
Kurt Erik Lindqvist wrote: [...] >> We have talked with the Dutch Data Protection Authority about the >> Database as well, to make sure that we don't run afoul of the EU >> privacy directives. > > > > I think that issue is somewhat more problematic than that. I guess > that what Katri is actually asking for is the Swedish data protection > law. I am no expert on this law but from what I know / remember, the > law requires the direct consent of the registered party as well as > certain guarantees that the data is not passed on (within some > limits). This means that the Swedish ISPs in order to register these > customers actually needs written consent from the customer, as well > as to solve the issue on passing that data on further by registering > the data in the RIPE DB. > > Perhaps someone that knows the issue better could comment? > The lawyers told us that these registrations need to comply with the Dutch Data Protection Act which is derived from the EU Data Protection Directive. According to this Directive and the Dutch Data Protection Act storage and publication of personal data in a database is possible only (Article 7 EU Directive): a) with the data subject’s unambiguous consent, or b) if necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract, or c) if necessary for compliance with a legal obligation to which the controller is subject (controller is the party responsible for determining the purpose and means of the processing of personal data), or d) if processing is necessary in order to protect vital interests of the data subject, or e) if necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in a controller or in a third party to whom the data are disclosed, or f) if necessary for the purposes of the legitimate interests pursued by the controller or by the third party or parties to whom the data are disclosed, except where such interests are overridden by the interests for fundamental rights and interests and freedoms of the data subject which require protection under the EU Directive. They though that e) and f) may apply. Also, after discussing the case with the Dutch Data Protection Authority (and their main concern was .de unreferenced data at that moment), the conclusion was that though there are some issues, the problem should be significantly reduced after removal of .de contact data and other stale information that has no direct relationship to the NCC's business. > Best regards, > > - kurtis - Best regards, Andrei Robachevsky RIPE NCC
- Previous message (by thread): [address-policy-wg] IP Addressing policy on personal contact info (kf)
- Next message (by thread): [address-policy-wg] Web archive of PI Task Force now available
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]